1. Field of the Invention
The present invention relates to secure digital networks.
2. Background Art
The transmission of digital data representative of contents through a communication network poses problems of protection of the data exchanged and of management of permissions or prohibitions to copy the data.
To remedy these problems, manufacturers of multimedia hardware have proposed solutions making it possible to transmit contents in digital form while preventing the illicit copying of these contents. These solutions generally involve the use of cryptographic systems in which one or a plurality of keys is generated by a trusted party, e.g. a certifying authority, as well as the use of so-called compliant appliances or modules. Each key is associated to a certificate. The certificate cryptographically binds the key to an identity of its owner.
It may happen that a key or a compliant appliance or module containing a secret is pirated. In the former case, a “pirate” succeeds in obtaining the key. In the latter case the “pirate” obtains the secret.
One example of a secure digital network is a system for secure digital broadcasting of content.
It is known in a system for secure digital broadcasting of content to manage a revocation list containing identifiers of keys, of appliances or of modules that are no longer regarded as compliant by the trusted third party since the latter has become aware of the fact that they have been pirated.
The revocation list must be communicated to all participants in the system so that the keys, appliances or modules that are no longer compliant can be identified and no longer be used. For example, the compliant appliances of the system will refuse to communicate with a non-compliant appliance or with an appliance transmitting a non-compliant key.
In order for this to be effective, it is necessary for the compliant appliances to always have access to the revocation list.
More specifically, the revocation list may contain a list of certificates that may not any more be trusted. Such a list is also known as Certificates Revocation List (CRL).
A CRL typically comprises a list of entries. In order to be uniquely identified the CRL is dated and signed by the CRL issuer, e.g. by the trusted third party. Each entry of the CRL may comprise a serial number of a certificate to be revoked and a revocation date.
A device used in the secure digital network may have restrictions on its hardware specifications. Such a device may not have sufficient memory and/or processing capacities to store an entire CRL in its memory and process the CRL stored in its memory to check whether a key, i.e. the certificate associated to this key appears in the CRL. An example for such a device is the widespread smartcard that carries an electronic circuit comprising a memory and a processing unit. Smartcards are frequently used to perform encrypting or decrypting of data.
FIG. 1 illustrates an example of a smartcard according to prior art. The smartcard 11 comprises a plastic card 12 and an embedded microchip 13 that allows to securely store secret information. The microchip 13 comprises pins 14 allowing to communicate with an outside device. The microchip 13 has a memory having a relatively small size: the smartcard may not allow to store an entire CRL.
However, it is possible to use a smartcard to check a signed CRL step by step for the presence of a determined certificate. This avoids storing the entire CRL in the memory of the smartcard.
FIG. 2A illustrates an example of a first method from prior art for checking a CRL with a smartcard. A CRL 21 is transmitted to a smartcard 22 in successive small blocks. Typically, the CRL 21 comprises a CRL identifier NCRL, a CRL signature SCRL and a plurality of entries (241, 242, . . . ,24MAX), each entry comprising an associated revoked certificate serial number (SN1, SN2, . . . ,SNMAX). Each transmitted small block may comprise one or many entries, each entry containing a single revoked certificate serial number SNi. The smartcard 22 processes each small block to check if an entry corresponding to a determined certificate is present: typically, processing means 23 of the smartcard 22 compare a serial number SN0 of the determined certificate to the transmitted revoked certificate serial number SNi.
In order to check the CRL signature SCRL, the smartcard computes a hash value of the successively received small blocks. The hash function used in a generating of the CRL signature SCRL is designed so that the hash value can be computed block by block. After having received all the small blocks, i.e. the entire CRL, and obtained a total hash value, a verifying function is applied to this hash value, to a public key of the trusted third party that generated the signature and to the CRL signature SCRL, thus allowing to check an integrity of the CRL. The checking of the integrity of the CRL needs to be repeated for every new certificate to be checked by the smartcard.
FIG. 2B illustrates an example of a second method from prior art for checking a validity of a determined certificate using a CRL. A CRL 21 is stored in a host device 26, the host device being distinct from a smartcard 22. A certificate identifier SN0 of the determined certificate is transmitted from the smartcard 22 to the host device 26.
Processing means 25 of the second device 26 look up for the certificate identifier SN0 among revoked certificate identifiers (SN1, SN2, . . . , SNMAX) of the CRL 21 stored within the host device 26.
The host device 26 subsequently transmits to the smartcard 22 a result of the looking up that indicates whether the determined certificate is valid or not.
For example, if a relevant revoked certificate identifier equal to the transmitted certificate identifier SN0 is found within the CRL 21, the host device 26 assigns a first value to a Boolean variable BV, e.g. the Boolean variable BV is reset. If the processing means 25 fail to find any relevant certificate identifier equal to the transmitted certificate identifier SN0 within the CRL 21, the host device 26 assigns a second value to the Boolean variable BV, e.g. the Boolean variable BV is set.
The host device 26 transmits the Boolean variable BV to the smartcard 22. The value of the Boolean variable BV indicates to the smartcard 22 whether the CRL 21 comprises a relevant revoked certificate identifier equal to the certificate identifier to be checked SN0 or not. The determined certificate is hence evaluated as valid only if the transmitted Boolean variable BV is set. If the transmitted Boolean variable BV is reset, the determined certificate is evaluated as invalid.
The CRL 21 typically comprises a CRL identifier NCRL and a CRL signature SCRL.
The smartcard 22 may also store the CRL identifier NCRL; when a determined certificate needs to be checked, the smartcard 22 transmits the stored value of the CRL identifier NCRL, thus allowing to check that the CRL 21 stored within the host device 26 is the CRL currently available.
The CRL signature SCRL allows to check an integrity of the CRL 21.